Microsoft Threat Intelligence has identified the “BadPilot campaign,” a subgroup of the Russian state actor Seashell Blizzard, which has been targeting global Internet-facing infrastructure since 2021. By exploiting various vulnerabilities, the group gains persistent access to high-value sectors, including energy and defense, and uses techniques such as credential theft and lateral movement to conduct extensive cyber operations and attacks.
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API
A sophisticated malware family leveraging Microsoft Outlook for communication via the Microsoft Graph API has been discovered, comprising a custom loader (PATHLOADER) and a backdoor